How to block DHCP requests on interface?

[Ztrek7]

How to block DHCP requests on interface?

I have a 3750 switch, I know, not a "real" router, but I have just joined it to one of my VLAN's that does DHCP, I already have DHCP running on this VLAN. I want to block all DHCP requests coming from a certain interface?

Suggestions?

 

[VoIPGuyNSC]

Please explain. Are you saying that you don't want any devices connected to this 3750 to receive a DHCP offer from your existing DHCP server?

John Lever
Telecommunications
Richland School District Two

 

[voltron1011]

Yeah, please explain because DHCP requests don't traverse across VLAN's unless there is DHCP-helper configured.

 

[Ztrek7]

I have network 192.168.1.0 with a dhcp server (windows)VLAN 10

I also have network 172.32.1.0 with dhcp server (cisco) VLAN 30

I just set a port on the router(3750) that lives on both networks to to be on VLAN 30 and plugged it into a switch on VLAN 10 so my laptops with a static IP can get to their default gateway on vlan 30.

My question/concern is if a PC comes online, makes a dhcp request, that VLAN 30 will answer and set the wrong IP.

If I could just block all DHCP on port 23 let's say, I believe that will work. Or, will it not jump?

 

[VoIPGuyNSC]

The PCs on the switch will only broadcast DHCP requests to others stations on that same VLAN, be it VLAN 30, VLAN 10 or VLAN kalamazoo. Now, if you have some ports trunked, which I believe is what you are saying, then that DHCP request will go out on the trunk, but ultimately, you have only one DHCP server per VLAN, so the DHCP server to get the DHCP broadcast will be the DHCP server on the same VLAN as the PC. As voltron1011 mentioned, you don't have a DHCP helper running anywhere, do you?

John Lever
Telecommunications
Richland School District Two

 

[Ztrek7]

Here is a link to a pic i made, it will explain better.

http://www.zgtechnologies.com/test/basics.jpg

i connected vlan 30 to vlan 10 so clients physically on vlan 10 with static ip's of vlan 30 can route.

it may be alright. it may be all jacked up and i don't know it yet. My end goal is accomplished, it worked, now i am worried that dhcp requests will go to the vlan 30 if vlan 10 is to slow.

thoughts?

 

[Ztrek7]

update:

the DHCP traversed the other way. VLAN 30 recieved an address from VLAN 10.

 

[Ztrek7]

here is what i am thinking:

ip access-list extended Deny_DHCP
deny udp any any eq bootpc
deny udp any any eq bootps

interface FastEthernet1/0/23
ip access-group Deny_DHCP

 

[Ztrek7]

here is what i am thinking

ip access-list extended Deny_DHCP
deny udp any any eq bootpc
deny udp any any eq bootps

interface FastEthernet1/0/23
ip access-group Deny_DHCP

 

[Ztrek7]

here is what i am thinking

ip access-list extended Deny_DHCP
deny udp any any eq bootpc
deny udp any any eq bootps

interface FastEthernet1/0/23
ip access-group Deny_DHCP in

I have put this is, but before I plug cable in, anyone see anything wrong with it?

 

[Ztrek7]

site was erroring, don't know where to delete the extra posts.

 

[Fatty99]

[qoute]
here is what i am thinking

ip access-list extended Deny_DHCP
deny udp any any eq bootpc
deny udp any any eq bootps

interface FastEthernet1/0/23
ip access-group Deny_DHCP in

I have put this is, but before I plug cable in, anyone see anything wrong with it?
[/qoute]

This won't work. It will deny all traffic.
U have to add permit ip any any to ACL Deny_DHCP